Posts

Eavesdropping By LED | Hackaday

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


If you ever get the feeling someone is watching you, maybe they are listening, too. At least they might be listening to what’s coming over your computer speakers thanks to a new attack called “glow worm.” In this novel attack, careful observations of a power LED on a speaker allowed an attacker to reproduce the sound playing thanks to virtually imperceptible fluctuations in the LED brightness, most likely due to the speaker’s power line sagging and recovering.

You might think that if you could see the LED, you could just hear the output of the speaker, but a telescope through a window 100 feet away appears to be sufficient. You can imagine that from a distance across a noisy office you might be able to pull the same trick. We don’t know — but we suspect — even if headphones were plugged into the speakers, the LED would still modulate the audio. Any device supplying power to the speakers is a potential source of a leak.

On the one hand, this is insidious because, unlike more active forms of bugging, this would be pretty much undetectable. On the other hand, there are a variety of low-tech and high-tech mitigations to the attack, too. Low tech? Close your blinds or cover the LED with some tape. High tech? Feed a random frequency into the LED to destroy any leaking information. Super spy tech? Put fake speakers in front of your real speakers that silently play back misinformation on their LEDs.

The video plays samples of recovered speech and, honestly, it was clear enough but not great. We wondered if a little additional signal processing might help.

Passive bugs are hard to find. Even a fancy junction detector won’t tell you if your speakers are compromised by glow worm.

 

 


Source…

Valley News – Malware on employee’s company computer led to cyber attack on UVM Medical Center



One afternoon in late October, the information technology department at the University of Vermont Medical Center started receiving reports of glitching computer systems across its network.

Employees reported they were having trouble logging into business and clinical applications.

Some reported the systems weren’t working at all. Within a few hours, the IT department began to suspect the hospital was experiencing a cyberattack.

The possibility was very much on the IT team’s radar, as several other major hospital networks nationwide fell victim to cyberattacks earlier last fall.

Immediately, UVM Medical Center cut off all internet connections to the network to protect what data it could. Soon after, the department discovered a text file on a network computer, apparently left by the perpetrators of the attack.

“It basically said: ‘We encrypted your data; if you wanna get the key to un-encrypt it, contact us,’ ” explained Doug Gentile, senior VP of network information technology at the medical center. “There was no specific ransom note, no specific dollar amount or anything like that, it was just: ‘Here’s how you contact us.’ ”

The department immediately contacted the FBI and opted not to reach out to the attackers. “Even if you contact them, even if you pay them, you have no guarantee they’re gonna deliver anything,” Gentile said.

Over the ensuing weeks, UVM Medical Center worked closely with the FBI to investigate the source of the attack while the hospital operated without access to most of its data.

“Of course we have standard procedures for if systems go down, but being down for two to three weeks is beyond what we ever expect. It was stressful for people,” Gentile said. The attack cost the hospital between $40 million and $50 million, mostly in lost revenue.

But it could have been worse.

“While it was a significant inconvenience and a big financial hit, the fact that no data was breached was huge,” Gentile said. When the cyberattack was discovered, hospital officials feared patient data could be stolen. Things like Social Security numbers, insurance information, and medical records were all on the line.

Often, in cases like…

Source…

Binance reveals how data analytics led to ransomware-linked money laundering bust



Crypto-exchange exploits OpSec mistakes to bust crooks

Binance offers details on how it is using data analytics to fight money laundering

The Binance cryptocurrency exchange has explained how advances in data analytics helped it track down a group of money launderers involved with various cybercrimes, including the notorious Clop ransomware scam.

Ukrainian police announced the arrest of individuals and the takedown of infrastructure related to the ‘Clop’ ransomware operation earlier this month.

Binance’s statement confirms that those arrested were cashing out and laundering funds, rather than being behind the creation of the ransomware.

The group – also known as FANCYCAT – had their fingers in numerous criminal scams including laundering money for dark web operators as well as ransomware peddlers.

Follow the (digital) money

As with the proceeds of drug dealing, funds extracted from victims through criminal activity such as ransomware need to be disguised before they can be safely spent in the real world to buy goods. That’s because any funds tied back to criminal activity can become the target of forfeiture orders.

Even if money is already in digital form there is a need to launder it, with abusing exchanges being one of the main techniques in play.

“Blockchain analysis shows a network of money launderers living inside macro exchanges which deposit and withdraw to each other to wash the money,” according to Binance, the Cayman Islands-domiciled crypto exchange.

Based on this insight, Binance was able to apply detection mechanisms to identify and interdict suspect accounts before working with law enforcement to build cases and take down criminal groups, as it explained in a blog post about the investigation.

We applied the two-pronged approach to the FANCYCAT investigation: our AML detection and analytics program detected suspicious activity on Binance.com and expanded the suspect cluster. Once we mapped out the complete suspect network, we worked with private sector chain analytics companies TRM Labs and Crystal (BitFury) to analyze on-chain activity and gain a better understanding of this group and its attribution.

Based on our analysis we found that this specific group was not only associated with laundering Clop…

Source…

Cybersecurity training startup Hack The Box raises $10.6M Series A led by Paladin Capital – TechCrunch



Cybersecurity training startup Hack The Box, which originally emerged from Greece, has raised a Series A investment round of $10.6 million, led by Paladin Capital Group and joined by Osage University Partners, Brighteye Ventures and existing investor Marathon Venture Capital. It will use the funding to expand. Most recently it launched Hack The Box Academy.

Started in 2017, Hack The Box specializes in using “ethical hacking” to teach cybersecurity techniques. Users are given challenges to “attack” vulnerable virtual labs in a simulated, gamified test environment. This approach has garnered more than 500,000 platform members, from beginners to experts, and brought in around 800 organizations (such as governments, Fortune 500 companies, and academic institutions) to improve their cyber-adversarial knowledge.

Haris Pylarinos, Hack The Box co-founder and CEO, said: “Everything we do is geared around creating a safer internet by empowering corporate teams and individuals to create unbreakable systems.”

Gibb Witham, senior vice president, Paladin Capital Group, commented: “We’re excited to be backing Hack The Box at this inflection point in their growth as organizations recognize the increasing importance of an adversarial security practice to combat constantly evolving cyber attacks.”

Hack The Box competes with Offensive Security, Immersive Labs, INE and eLearnSecurity (acquired by INE).

Hack The Box uses a SaaS business model. In the B2C market it sells monthly and annual subscriptions that give unrestricted access to the training content; in the B2B market it sells bi-annual and annual licenses that give access to dedicated adversarial training environments with value-added admin capabilities.

Source…